PT-2023-19632 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Guardian/CMC versions prior to 22.6.2 Description: The issue arises under certain conditions, influenced by timing and the usage of the Chrome web browser, where the user session is not always fully invalidated upon logout. This allows an...
Nozomi Networks Guardian Authorization Issues Vulnerability
Nozomi Networks Guardian is an IoT device and software inspection system from Nozomi Networks, USA. Nozomi Networks Guardian suffers from a security vulnerability that stems from the fact that, under certain circumstances, it may not completely invalidate a user's session upon logout...
Session Fixation in Guardian/CMC before 22.6.2
Summary In certain conditions, depending on timing and the usage of the Chrome web browser, Guardian/CMC versions before 22.6.2 do not always completely invalidate the user session upon logout. Thus an authenticated local attacker may gain access to the original user's session. Impact Unauthorized...
MediaWiki < 1.35.0 Multiple Vulnerabilities
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.35. It is, therefore, affected by multiple vulnerabilities: - A vulnerability in the default Cologne Blue skin in the qbfind parameter inside CologneBlueTemplate.php leading to...
CSRF Logout
Description A bad actor can send victims a link (e.g. obfuscated) carrying the payload /signout; when a victim uses it, it changes the user's logged-in/logged-out state. Proof of Concept Payload: https://eu.aptabase.com/api/auth/signout Repro steps: As logged in user https://eu.aptabase.com/ open new...
Improper Session Management
github.com/answerdev/answer is vulnerable to Improper Session Management. The vulnerability exists in the UserLogout function in usercontroller.go due to improper cache handling during admin logout, which allows an attacker to use the token to gain unauthorized access to the application even after...
CVE-2023-26448
Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...
PT-2023-20640 · Ox Software Gmbh +1 · Ox App Suite +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from custom log-in and log-out locations defined as jslob, which were not checked for malicious protocol handlers. This oversight allow...
CVE-2023-20862
A flaw was found in Spring Security. In affected versions of Spring Security, the logout support does not properly clean the security context if using serialized versions. Additionally, it is not possible to explicitly save an empty security context to the HttpSessionSecurityContextRepository. Th...
Security Bulletin: VMware Tanzu Spring Security is vulnerable to CVE-2022-31692 and CVE-2023-20862 used in IBM Maximo Application Suite - Monitor Component
Summary IBM Maximo Application Suite - Monitor Component uses VMware Tanzu Spring Security which is vulnerable to CVE-2022-31692 and CVE-2023-20862. Vulnerability Details CVEID:CVE-2022-31692 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions,...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2023-20862)
Summary A vulnerability in VMware Tanzu Spring Security used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by the logout support feature...
Session Fixation
graylog2-server is vulnerable to Session Fixation. The vulnerability exists because a node may still have the session cached even when a user has explicitly logged out, which allows the session to still be used for API requests until it has reached its original expiry time...
CVE-2023-36266
An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2) and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2) that allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and...
PT-2023-25503 · Keeper · Keeper Password Manager For Desktop +1
Name of the Vulnerable Software and Affected Versions: Keeper Password Manager for Desktop version 16.10.2; KeeperFill Browser Extensions version 16.5.4 Description: An issue allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already...
CVE-2023-35857
In Siren Investigate before 13.2.2, session keys remain active even after logging out...
Siren Investigate Code Issue Vulnerability
Siren Investigate is a front-end to the Siren platform from Siren Ireland, allowing the creation of dashboards, charts, link analysis, alerts and more. A security vulnerability exists in Siren Investigate versions prior to 13.2.2, which stems from a session key remaining active even after logout...
CVE-2023-25978
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions...